[go: up one dir, main page]

HK1101625B - Issuing machine - Google Patents

Issuing machine Download PDF

Info

Publication number
HK1101625B
HK1101625B HK07106281.8A HK07106281A HK1101625B HK 1101625 B HK1101625 B HK 1101625B HK 07106281 A HK07106281 A HK 07106281A HK 1101625 B HK1101625 B HK 1101625B
Authority
HK
Hong Kong
Prior art keywords
security
hardcopy
issuing machine
voucher
securities
Prior art date
Application number
HK07106281.8A
Other languages
Chinese (zh)
Other versions
HK1101625A1 (en
Inventor
佐藤通洋
尤达雅.A.尚卡
Original Assignee
佐藤通洋
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/149,556 external-priority patent/US7401043B2/en
Application filed by 佐藤通洋 filed Critical 佐藤通洋
Publication of HK1101625A1 publication Critical patent/HK1101625A1/en
Publication of HK1101625B publication Critical patent/HK1101625B/en

Links

Description

Issuing machine
Cross Reference to Related Applications
This application claims priority from U.S. patent application No.11/149,556 filed on 10/6/2005. The contents of this application, including the specification, claims, drawings, and abstract, are hereby incorporated by reference.
Technical Field
The present invention relates to a issuing system including a plurality of issuing machines for selling, generating and printing newly issued securities or fixed interest rate financing tools including selected features of public stocks and bonds, and a method for establishing a market employing the system. In particular, each issuing machine may print non-modifiable and/or non-counterfeitable hardcopy documents or securities and scan/identify whether the provided hardcopy documents are printed non-modifiable and/or non-counterfeitable hardcopy documents or securities previously generated by the issuing machine of the system.
Background
A stock certificate is a well-known type of security certificate that represents the status and rights of a stock owner. In return for obtaining funds from the investor, the business operator issues a stock certificate representing the investor's status and rights. The person who purchases the stock certificate (i.e., the shareholder) may participate in the operation of the company that issued the stock certificate based on the status and rights that they are given in return. In other words, the shareholder may participate in a shareholder meeting, participate in a vote, and require a dividend from the company that issued the stock certificate.
Additionally, the shareholder may sell the stock certificate to a third party. By selling stocks at a price higher than the original purchase price, they can obtain a profit equal to the difference between the two prices.
A bond is another type of well-known security issued by a government of a country or place, an entity established based on a particular law, or a private enterprise for the liabilities they have with the general public. The bond is characterized by a predetermined payback period after which the issuer of the bond will pay the corresponding principal and interest to the bond owner. The bond owner may also sell the stock at a price higher than the original purchase price and obtain a profit equal to the difference between the two prices.
However, business operators may sometimes not be able to obtain sufficient funds through stock distribution alone. Further, by issuing the bonds, the business operator is liable to pay principal and interest after the repayment period, and thus the bond issuing gives a heavy burden to the business owner.
U.S. patent application publication No.2002/0107766 provides a financial instrument voucher purchase system for issuing, transferring and redeeming financial vouchers representing properties of a prior open transaction of a bond. The system allows an individual to present to a third party a certificate representing a company's securities or other financial instruments without itself constituting a financial instrument, however, the system is not capable of selling, generating or printing the financial instrument itself. Further, the voucher is ordered via a personal computer rather than a publicly available independent issuing machine such as an ATM (automated teller machine).
The existing "online transaction terminals" available to the general public are simply computer terminals from which individuals can conduct online transactions. Such online transaction terminals only process virtual (online) resources and print paper copies of online transaction receipts, but do not print any non-modifiable and/or non-counterfeitable securities. Furthermore, the online trading terminal does not re-circulate/re-use any printed non-modifiable and/or non-counterfeitable securities.
Conventional ATMs only dispense currency and collect currency/checks and do not dispense and collect documents of securities. Some ATMs, such as those described in U.S. patent No.6,981,637, automatically verify and ensure that the dispensed or collected currency is valid (i.e., not counterfeit) by scanning and attempting to identify the type and quantity of the note. However, these ATMs only recirculate banknotes by storing and then dispensing uniformly printed banknotes (by government), but do not print new non-modifiable and/or non-counterfeitable banknotes. Furthermore, these ATMs only accept a limited variety of banknotes, usually of the same currency issued by the same government, so that they can use the data stored in their own memory for authentication without the need to access a central server.
There are currency changers (e.g. devices in vending machines that receive currency notes) with sensors that look for certain characteristics (e.g. thin lines of uv light, special microprinting, etc.) on the inserted notes and check the validity period of the notes and distinguish between notes of different sizes.
Up to now, the circulation of actual securities has been limited to the sale or exchange at specific locations, such as branches of financial institutions, such as banks or security agencies. If one party wishes to sell hard copy securities to another party, the trading of the hard copy securities must be completed at these branches. The branch office may verify the authenticity of the hard copy and record the security's serial number and its new owner. Transactions to counterfeit hard copies are detected and deterred by someone by checking these credentials and transactions in a global (across all venues) database.
There is a need for a security issuance system having multiple issuing machines located at different convenient locations to facilitate potential customers in the procurement of securities, the transfer of the purchased securities to a escrow, the printing out of the purchased non-modifiable hardcopy securities, and the recovery of the printed non-modifiable hardcopy securities into the system.
In addition to securities, other non-modifiable and/or non-forgeable documents, such as stamps, security labels and/or packages, banknotes, checks, banknotes, commercial tickets, passports, driver's licenses, identity cards, smart cards, credit cards, official Transcript (Academic Transcript), etc., protected by different technologies, including: (1) special paper: heavy paper, paper with colored or forensic fibers, or a transparent window, etc.; (2) watermarking: a pattern printed on the paper by changing the density of the paper; (3) micro printing: text that is too small to be accurately reproduced; the text may contain information specific to the bond (e.g., serial number) (4) hologram; (5) a metal fine wire or a fine wire sensitive to ultraviolet rays embedded in the paper; or other high resolution printing techniques. These techniques include those that are not available to the general public or are only available at extremely high cost. Certain technologies (e.g., high resolution printing) increase the cost of the printer. Certain technologies (e.g., special paper) increase the cost of the material.
There is a need for a cost-effective method to print non-modifiable and/or non-counterfeitable documents that cannot be copied with conventional copiers.
Disclosure of Invention
It is an object of the present invention to provide a security issuing system having multiple issuing machines located at different convenient locations to facilitate potential customers in the procurement of securities, the transfer of the purchased securities to a escrow site, the printing out of the purchased non-modifiable and/or non-counterfeitable hardcopy securities, and the recovery of the printed non-modifiable and/or non-counterfeitable hardcopy securities into the system.
The system of the present invention comprises a novel method of issuing a new financial product, other than a stock and bond, that can provide a new opportunity to earn profits to investors trading stocks and bonds by creating and trading a financial instrument on the market that provides a partial guarantee of the security by a third party.
It is therefore an object of the present invention to provide a security issuing system for issuing bonds for obtaining funds from folks so as to encourage investment in utility projects for improving infrastructure even in a low-profile financial form, and to provide a new market forming method enabling marketization of bonds issued by such a security issuing system.
Another intention of the present invention is to provide a security issuing system for issuing bonds which, although dividend, interest and guarantee are stipulated, do not stipulate a repayment period, thus providing a new means for making an enterprise more easily obtain funds, and providing investors with a new financial product that obtains profits through trading, different from stocks and bonds, and a new market forming method for enabling marketization of bonds issued by such a security issuing system.
The above intention can be achieved by an embodiment of the present invention in which a security issuing system has a server in a security issuing authority, a client in a user authority, and a security issuing machine at a security issuing point.
In one embodiment of the invention, the server includes means for transmitting information indicating the intent of the client to obtain the security and means for receiving a bid or offer to purchase the security. The server also has marketable software that authenticates or creates an authentication to issue a security based in part on a bid or offer to purchase the security received from a client. The server also has means for receiving personal user identity information and user institution identity information. The server is also capable of sending to the security issuing machine an authentication including the identity information of the individual user and an authentication for issuing the security. The server also has means for receiving confirmation of issuance of the security from the security issuing machine, accumulating a total amount of the confirmed issued security and calculating a fee to be charged to the user institution.
In a preferred embodiment of the invention, a client device for sending bids or offers to purchase securities to a server sends identity information about individual users and user institutions to the server.
The third component of the preferred embodiment of the present invention is a security issuing machine. The security issuing machine comprises means for receiving from a server an authentication for issuing a security and an issuance of personal user identity information. The security issuing machine is also capable of reading the personal user's reference identity information from the recording medium and then collating or collating the personal user identity information received from the server with the personal user reference identity read from the recording medium. The security issuing machine then makes a decision based on this comparison or collation and, if the result is correct, issues to the user the security detailed in the certificate received from the server for issuing the correct certificate. The security issuer then sends the results or confirmation of the transaction back to the server.
In one embodiment of the invention, the securities issued are bonds for obtaining funds from private parties, the bonds are issued by security issuing agencies for incentives to invest private funds in utilities for improvement of infrastructure, the principal repayment debt and interest payment debt for bonds for which the security issuing agencies are responsible are documented as textual content planned and executed by trusted entities such as, but not limited to, private enterprises of japanese governments, public entities or japanese citizens, and private enterprises of foreign national governments, public entities or foreign citizens, either alone, or in combination, as a guarantor or within a predetermined amount, and as a public utility for improvement of infrastructure.
In still another embodiment of the present invention, the security issuing system includes securities issued by commercial operators for obtaining funds for exchanging vouchers of the securities, on which are recorded: the bonus text describing that the business operator will distribute the benefits of the business to the person who owns the voucher of the security, the interest text describing that the business operator will pay interest regularly to the person who owns the voucher of the security, and the guarantee text describing that the business operator cannot pay the interest according to the interest payment text due to reasons such as maloperation, the debt and the interest payment debt are returned to the principal and the interest payment debt that the security issuing agency is charged with, and the guaranty text of the guarantor within a predetermined amount is used by one or more trusted entities.
In another embodiment of the present invention, the security issuing institution is a private city development institution.
Yet another embodiment of the present invention includes a method for creating a new market that enables persons who have never purchased securities to purchase the securities issued by employing the system and trade the securities in the market as needed.
The present invention provides an apparatus for issuing bonds relating to financing of an item, wherein the item is a utility such as an infrastructure improvement item. A person wishing to purchase a device bond can see the contents of the utility that they are investing in. This method enhances the willingness of an individual to purchase bonds, as the individual may choose his or her financing utility at will. Furthermore, since an individual's investment is never made for its contra-productive utility, the investor can purchase bonds with more confidence.
The present invention provides a method for private enterprises attempting to execute utilities such as infrastructure improvement projects to obtain large amounts of money from private residences through bond issuance that will be invested in utilities such as infrastructure improvement projects.
This is because it is possible to guarantee to the person who purchases the bond that the principal repayment debt and interest payment debt to the bond issuer are guaranteed by the private company side of the japanese government, the public entity or the japanese citizen within a certain amount of line alone or by two or more of them together, thereby guaranteeing to the bond purchaser that the principal and interest can be collected safely within a certain amount of line even if the private company fails in the course of operating the public utility.
Further, the present invention provides a method of preventing the waste of taxes by the private enterprises of the japanese government, public entity or japanese citizen because the guaranty of the principal repayment debt and interest payment debt to the bond issuer by the private enterprises of the japanese government, public entity or japanese citizen and the public entities of the foreign national government or foreign citizen is limited to a certain level that is fairly determined by an independent public institution.
Therefore, when the private company fails to operate a public utility such as an infrastructure improvement item in the case of a government-guaranteed bond, the private company of the japanese government, the public entity or the japanese citizen and the public entity of the foreign national government or the foreign citizen do not have the responsibility to take the entire amount of the principal repayment debt and interest payment debt of the bond issuer.
In addition, since securities not limited to the concept of repayment deadline can be issued according to the present invention, the business operator can operate without having to bear the burden of actual repayment principal.
The owner of a security issued according to the present invention may accept a bonus. In addition, he/she may also be given interest on a regular basis. Further, if the business operator who issues the securities cannot pay interest in terms of the literal contents of the pertinent interest due to the closing over or poor operation, the private business of the japanese government, public entity or japanese citizen, and the public entity of the foreign government or foreign citizen, either alone or in combination, guarantee the principal of repayment of the funds provided to the business operator to the owner of the securities within a predetermined amount.
The securities issued according to the present invention are new types of financial goods that have not been previously available. The product encourages the purchase of securities by people who never have purchased securities. Thus, the present invention may create a new financial market.
According to the present invention, a user institution can make a purchase of securities by a customer, so that a purchaser of securities can purchase securities at home and in the office.
According to the present invention, a client of the security issuing system of the present invention is installed in each user institution, so that the status of the purchase of securities can be easily controlled for each user institution, and each user institution can provide various services to sufficiently attract customers.
The user institution here refers to a security company, bank, private enterprise or general purchaser of securities. According to the present invention, as long as a user of the security issuing system possesses an ID (identification) recording medium, the user can purchase the security even if he/she has no cash at hand.
These and other objects of the present invention will become apparent upon further reading of the following specification and drawings.
The present invention meets and exceeds all of the above objects and aims. Further objects and advantages of the present invention will become apparent to those skilled in the art upon further study of the specification and appended claims.
Drawings
Various other objects, features and attendant advantages of the present invention will be more fully appreciated as the same becomes better understood when considered in connection with the accompanying drawings in which like reference characters designate the same or similar parts throughout the several views, and wherein: fig. 1 is a diagram illustrating a security issuing system according to a preferred embodiment of the present invention.
Fig. 2 is a block diagram of the overall structure of the preferred embodiment of the present invention.
FIG. 3 is a block diagram showing more details of the computer shown in FIG. 2.
Fig. 4 is a flowchart showing a section of a program executed by a computer of the securities company according to the embodiment shown in fig. 3.
Fig. 5 is a flowchart showing a segment of a program executed by the investor's computer according to the embodiment shown in fig. 3.
Fig. 6 is a block diagram of the overall structure of an alternative embodiment of the present invention.
FIG. 7 is a block diagram illustrating further details of the printer shown in FIG. 6.
Fig. 8 is a flowchart showing a section of a program executed by a computer of the securities company according to the embodiment shown in fig. 6.
Fig. 9 is a flowchart showing a segment of a program executed by the investor's computer according to the embodiment shown in fig. 6.
Figure 10 shows a table of three types of fixed interest rate financing tools of the present invention including the financing tool for an Odaiba casino project.
Fig. 11 shows a table of three types of fixed-interest-rate financing tools of the present invention including the financing tool of the japanese highway project.
FIG. 12 shows a table of two types of fixed interest rate financing tools of the present invention.
Fig. 13 shows a hardware block diagram of a publisher according to the invention.
Fig. 14 shows an example of a printed security using a cryptographic checksum according to the present invention.
Fig. 15 shows an example of scanning a document printed on a sheet using embedded fibres (in practice, there may be more embedded fibres).
Fig. 16 shows steps performed by the ASD105 (automatic securities dispenser 105) computer according to a purchase request of a customer.
Figure 17 shows the steps performed by the ASD105 in response to a customer's "sell" request.
Detailed Description
Fig. 10-12 show examples of fixed-interest-rate financing tools that provide dividends or are partially guaranteed by an issuing third party, such fixed-interest-rate financing tools being disclosed in U.S. patent application No.11/148,406 filed on 9/6/2005, the contents of which are hereby incorporated by reference.
The fixed interest rate financing tool has at least the following provisions: an issuing legal entity that issues financing instruments as liability certificates to obtain funds for financing at least one business; a frontal amount paid to the issuing legal entity in exchange for ownership of the financing instrument; a fixed interest rate that specifies a periodic interest reward to be paid to the tool holder as a percentage of the frontal amount; and at least one of: (1) a guarantee proportion g defined as the percentage of interest and frontal amount committed by at least one issuing third party (if said legal entity is not responsible) to be returned to the holder of the instrument, 0 < g < 100; and (2) at least one of a fixed interest rate bonus d and a fixed number of bonus points to be paid to the tool holder after profit is brought on by the financing tool financing business, the fixed interest rate bonus d being defined as a percentage of profit to be paid to the tool holder on a regular basis, 0 < d < 100.
A security is a NOTE (NOTE), a stock, a national library stock, a bond, an unsecured bond (debenture), a certificate of interest or participation in a profit-sharing agreement or a certificate of interest or participation in a right to franchise or lease for oil, gas or minerals, a certificate of trust or acceptance (subscription) to build a lead-forward (pre-organization), a negotiable share, an investment contract, a voting trust certificate, a certificate of trust for a security or a certificate of purchase, sale, option or other right of purchase or right of a security basket, an option or other right to buy, sell, buy or sell rights related to foreign currency or other rights focused on national security exchanges, or a tool generally called a security, or a temporary certificate or a transition certificate for any of the foregoing, a receipt, a guarantee, an acceptance, a right to buy or right to buy, but should not include any instrument (note), bank draft (draft), bill of exchange (bill of exchange), or bank acceptance draft (banker's acceptance) that is in currency or may be limited in that any updates to or from the expiration of the issue time do not exceed 9 months, not including the grace period.
The voucher contains information. A credential is typically a collection used to transfer or store data. A voucher can be seen as any discrete representation that contains meaning, but in general a voucher refers to something like an actual book, a printed page or a virtual voucher that exists in an electronic/digital format. The hardcopy voucher has printed content on it (usually on paper) rather than content or data in digital format read from a screen/display. Examples of hardcopy documents include fax printer pages, fax pages, and computer printouts. Magnetic tapes, disks, and non-printed perforated paper tapes are not hardcopy and do not form part of a hardcopy document.
A voucher is an official voucher, such as a security voucher, deposit voucher (CD), giving proof and details of something, e.g. personal identity, educational background, ownership or authenticity. In computing, and in particular computer security and encryption, the term "credential" typically refers to a digital identity credential, also known as a public key credential.
FIG. 1 is a securities and financing tool issuing system according to one embodiment of the present invention. As shown in fig. 1, the security issuing system according to the present embodiment is provided with:
a server 101 located at a security issuing institution, which may be an underwriter or a private company (including private businesses responsible for executing a utility plan), that proposes to issue a security based on a bid or a security purchase (including, for example, a unique fixed interest rate financing tool as shown in FIGS. 10-12);
at each customer facility (including stock brokerage firms, banks, credit card companies,Or any financial institution holding accounts of the general public), which client device 103 is connected to the server via a communication link 102, the communication link 102 such as, but not limited to, a telephone line or a wireless link;
a security issuing machine 105 (also called an automatic security dispenser ASD), which may be located at each security issue point and which is connected to the server 101 via a communication link 102; and
an Identity (ID) recording medium 106.
When the issuing authority is a private company (which may be a privately owned or publicly operated company), newly issued securities such as stocks, funds or unique fixed-interest-rate financing instruments can be issued without passing through any underwriter or underwriting group, as long as the issuing process meets the legal requirements imposed by a governing entity in a corresponding country, such as the SEC (Security exchange Commission) in the United states, supervising the exchange of the fixed-interest-rate financing instruments for checking or registering according to legal requirements. Such offers for sale cannot be made until the securities application listing register is submitted to the SEC and cannot be accepted until the securities application listing register is validated. After the posting table on the market of the securities application is declared valid, the sales brochure cannot be disseminated unless accompanied or after the final statutory posting specification or the like. According to the present invention, a prospective buyer (an institutional investor or a member of the general public) can go to an independently existing issuing machine to view the instruction for stock and to apply and/or purchase newly issued securities and financing tools. Alternatively, the prospective buyer may subscribe or purchase newly released securities and financing instruments via the actual location of the financial institution as described below. Also, the present invention provides a new market mechanism that allows people to more conveniently buy and sell securities and fixed interest rate financing tools.
The client device 103 may be implemented with a computer, such as but not limited to a general purpose computer, a dedicated terminal, an office computer, or a personal computer.
The client device 103 has installed thereon dedicated stock purchase offering software 104 as well as various other types of application software.
When the stock purchase proposal software 104 is activated, the client device 103 can communicate with the server 101 and send stock purchase proposals or bids to the server 101. The stock purchase proposal software 104 may be lent or licensed free, for example, by a stock issuer to each user institution and established in a manner that enables simpler or more streamlined stock purchase proposals.
The client device 103 and the stock purchase offering software 104 run by it send information about the stocks to be purchased and ID information about the user's person and the user's institution to the server 101 in order to make stock purchases simpler and smoother. The functionality of the client device 103 may be referred to as a bid or purchase request functionality.
At the time of making a bid for stock purchase or making a stock purchase request, ID information about the user's individual and user organization transmitted from the client apparatus 103 to the server 101 is stored as individual user Identity (ID) reference information in the ID recording medium 106. Although the ID recording medium 106 used in the present embodiment is an ID card, the mode of the present invention is not limited to the ID card. The individual user Identification (ID) reference information may be printed in any suitable form such as, but not limited to, text on a card or storage medium, a 2D or 3D barcode, a graphic code, a watermark, a visual biometric photograph, a signature and/or fingerprint or thumbprint, a digitized voice, a handprint, a finger/thumb print, a retinal (eye) image, or the like. The personal user Identification (ID) reference information may be carried in any suitable form, such as, but not limited to, a paper or plastic card, a magnetic strip (e.g., on a debit or credit card), a magnetic disk or tape, an electronic chip (e.g., on a credit or smart card), a personal digital assistant or mobile phone memory, or other portable, handheld or palmtop device, etc. Electronic personal data or biometric data may be verified by sampling in the field or retrieved from a storage medium for comparison with a database in the field or on-line.
Meanwhile, the purchase request acceptance function of the server 101 of the securities issuing organization establishes a securities purchase intention based on the securities purchase offer received from the client device 103. The security purchase intent is a license to issue the security. For example, the server 101 searches a database for any unsold securities of a specific security based on the security information received from the client device 103. If the server determines that there are any unsold securities that meet the bid specification, the server immediately establishes a license for the purchase intent or the share of the securities. If there is no security type specified in the customer bid information, the server notifies the customer device 103 that no security is available for sale.
The server should be set up so that if the ID information from the client device 103 is not properly transmitted, the security purchase intention or the permission to issue the security is not established even if unsold securities remain.
After establishing the security purchase intention or the permission to issue the security, the wait indication function of the server 101 transmits the security purchase intention or the permission to issue the security, purchase information related to the transaction, and ID information related to the security purchase intention to the security issuing machine 105 of the security issue point.
In one embodiment, the security issuing machine 105 of the security issuing point has a slot 105a for inserting, inputting or connecting an ID recording medium. The issuer 105 is also capable of reading the user ID reference information recorded on the ID recording medium by an ID reading function when the ID recording medium 106 is inserted, input, or connected to the slot. The issuing machine 105 may automatically print and distribute fixed interest rate financing tools directly to the purchaser like an Automated Teller Machine (ATM). The customer may purchase the printed security voucher at the ASD. The customer may also insert printed security documents into the ASD105 and sell or convert these documents into online documents. The printed credentials distributed by the ASD105 are not modifiable and/or not counterfeitable.
A printed voucher can be said to be non-modifiable if any changes to the information on the voucher can be readily checked. Herein, the term "information on the voucher" refers to its denomination amount, serial number, issuer identification information, issue date, expiration date, owner name, and the like. "information on the voucher" does not refer to the type of paper on which the voucher is printed, nor to graphics (e.g., pictures) printed on the voucher (although the information may include digitized versions of the graphics).
A printed document can be said to be unforgeable if it cannot be copied without resources that are not available to the public (or are available but costly). Bank notes are a common example. The manufacture of non-counterfeitable documents usually requires the use of special papers and/or special prints (special papers including colored or paper with forensic fibers, paper with a transparent window, paper with a hologram and paper with a watermark.
The cryptographic checksum (typically a binary number of greater than 100 in length) is referred to as a message digest, a message authentication code, an integrity check value, a modification detection code, or a message integrity code. Currently, cryptographic checksums are 128 bits or 160 bits (binary digits) long. Assuming octal coding is used, this may be represented by 32 or 40 decimal numbers. This size is considered indestructible in the relatively recent future (say the next 5 to 10 years). As computers become more powerful, this size will increase (such as doubling). Cryptographic checksums are mathematical values assigned to credentials (called checksums) and are used to later "test" the credentials to verify that the data contained in the credentials has been maliciously (or accidentally) modified. The cryptographic checksum is created by performing a complex series of mathematical operations (defined by a cryptographic algorithm) that take as input the data in the credential and a key (a randomly chosen larger number, e.g., 50 to 100 binary digits), and output a fixed string of digits, which is then used as the checksum. If the key is not known, it is almost impossible (i.e., computationally difficult to implement) to change the data in the credential and obtain the proper checksum.
It may be desirable that the printed document is not modifiable but not necessarily counterfeitable. For example, any transaction involving the credentials will be processed by the designated financial institution knowing which credentials were issued and who the owner of those credentials was. Printed documents that can be bought and sold like currency (i.e. anonymous) must however meet strict requirements that cannot be forged.
The cryptographic checksum is electronically transmitted in digital form during data transmission and data storage. The cryptographic checksum is typically stored on a hard disk or flash memory (both of which are non-volatile memory) or RAM (volatile memory).
Current credit cards, ID cards and similar cards having a magnetic strip use only a digital password and do not use a password checksum. The smart card has a processor and memory (volatile or non-volatile) for storing cryptographic values and executing cryptographic algorithms. But these values are not printed on the card or on the hardcopy document.
Other documents such as driver's licenses, passports, and the like contain only printed passwords such as numeric, 2D, or 3D barcodes, but do not contain password checksums. Recent passports may incorporate smart card technology, but also do not have any cryptographic checksums printed thereon.
The present invention scans the password checksum printed on the hardcopy document, verifies its validity with the ASD host 101 (or financial institution that underwritten or traded the security), and receives the document only if the password checksum matches.
Alternatively, the purchaser may specify a custody place, such as a security broker company (security broker company) at which the purchaser has an account opened, or the like. In one embodiment of the invention, the issuing machine 105 may also have functions like an Automatic Teller Machine (ATM) or other kiosk, such as paying daily bills, fees and taxes (utility, telephone bills, social security, attorney fees, taxes, etc.), charging prepaid cards with monetary value (mobile phone, toll), conducting ticketing transactions (train, concert, etc.).
Publisher 105 may have a custom circuit board or utilize a computer with specific software running on an operating system such as Windows, Linux, etc. A computer (CPU (central processing unit), RAM (random access memory), ROM (read only memory), hard disk, etc.) runs software (operating system, application program) that controls the operation of the ASD.
The ASD105 interacts with customers via input-output devices including keyboards, displays, card readers, and credential printer-scanners. The ASD host 101 is part of a network of security trading financial institutions, and any interaction between the ASD105 and the security trading financial institutions is handled via the ASD105 host.
ASD105 interacts with ASD host 101 via, for example, a dial-up line, a leased line, or a local area network connected to the internet. The ASD105 also has a cryptographic processor that executes cryptographic software for obtaining secure communications (and any other required cryptographic operations) between the ASD105 and the ASD host 101. The ASD105 has a battery backup to ensure proper operation and proper shutdown in the event of a power failure. The publisher machines 105 within the store may connect their cryptoprocessors directly to the internet or other network, or indirectly via a modem over a dedicated telephone line to the internet for connection to a server. The secure cryptoprocessor is typically located within a computer in a secure enclosure. The security of the issuer 105 depends on the integrity of the secure cryptoprocessor.
The issuing machine 105 may then, if appropriate, through the issuing function, (1) provide the user with a pop-up screen, which by clicking can show whether the user is within the purview of having registered a security sale or within the purview of having deregistered, or password protected at that site for investors who have seen the screen display and have provided a password; (2) the user is provided with a pop-up screen that can be clicked to agree to electronically transmit/display a legal tender and then (3) issue securities based on corresponding securities purchase offer information 107. The issuer 105 also provides the statement that paper copies of the endorsement specifications and other required SEC credentials can be provided based on the request in the validated contract. The issuer 105 also has an issue result sending function for sending confirmation about issuance of securities as security issue result information or confirmation to the server 101.
Alternatively, the server 101 and the issuer 105 support real-time pricing of newly released securities to the public online based on real-time available buying and selling offers, rather than on a regular, periodic basis (such as weekly, semi-weekly, or daily on the current bond market).
The outdoor publisher 105 may be self-contained, such as a kiosk; or may be built on the building side of a financial entity such as a security agency, bank, post office, etc. The issuing machines 105 are placed in or within locations such as shopping malls, grocery stores, shops and restaurants. These entities may charge a processing fee for this arrangement. The security features of the publisher 105 include a non-destructible physical structure, an efficient secure distribution mechanism, etc. Other security mechanisms known to those of ordinary skill in the art are installed for the outdoor publisher 105.
The issuance result or the confirmation information of the securities 107 sent from the security issuing machine 105 to the server 101 is accumulated in the database in the server 101 by the information accumulation function.
The server 101 of the securities issuing authority may also calculate a fee (settlement function after issuance) based on the accumulated issuance result information.
The customer may purchase the printed voucher from the ASD. The customer may also insert printed credentials into the ASD105 and sell them or convert them into online credentials. A key feature of the ASD105 is that it includes a printing function as well as a scanning function. The ASD105 prints non-modifiable and/or non-counterfeitable credentials for the customer. The ASD105 also scans the credentials inserted by the customer and verifies if they have been modified or are counterfeit. The print-and-scan functionality distinguishes the ASD105 from a conventional ATM.
The ASD105 produces a non-modifiable printed certificate by printing on the certificate a cryptographic checksum calculated from the certificate information and a key held in secret by the security trading financial institution. The ASD105 produces a non-counterfeitable printed document by using special paper. The difficulty of counterfeiting the document can be increased by using paper with a randomly embedded pattern (e.g. coloured fibres) and recording the pattern when issuing the document (by scanning the document). The recorded pattern or scan is referred to as a fingerprint of the credential.
The operation of the embodiment constituting the above-described contents will now be described. In the securities issuing system using ID information according to the present embodiment, the client device 103 of each user institution is activated by the operator and operated to run the securities purchase offering software 104 installed in the client device 103. When the stock purchase offering software 104 is activated, the client device 103 can communicate with the server 101 of the stock issuing agency.
Next, the operator inputs information on securities desired to be purchased, personal ID information of the user and ID information on the user's institution are input into the client device 103, which are then transmitted from the client device 103 to the server 101 of the security issuing institution to submit the offer or bid for purchase of the securities to the server 101 of the security issuing institution.
The user personal ID information and the ID information about the user institution transmitted to the securities issuing institution are the same as the information stored in the ID recording medium 106 as the user ID reference information.
Upon receiving a stock purchase offer or bid from the client device 103, in a market operation, the server 101 of the stock issuing authority searches the database to see if there are any unsold stocks of a particular stock based on information from the client device 103. If there are any unsold securities that meet the bid specification, the server 101 immediately establishes a security purchase intent. Otherwise, the server 101 notifies the client device 103 that there are no securities that match the bid. If the ID information from the client device 103 is not correctly transmitted, the security purchase intention is not established even if unsold securities remain.
After establishing the security purchase intention or permission, the wait indication function of the server 101 sends security purchase information or permission and appropriate ID information related to the transaction to the security issuing machine 105 of the security issue point. This completes the security purchase intent or licensing step.
A user making a stock purchase offer or bid comes to a stock issue point having an ID recording medium 106 storing ID reference information. The user inserts the ID recording medium 106 into a slot 105a of a security issuing machine 105 of a security issuing institution located at a security issuing point.
The security issuing machine 105 reads information from the ID recording medium 106 and compares the user ID reference information read from the medium with the ID information received from the server 101, and issues a security 107 according to a corresponding security purchase offer based on the comparison result.
The security issuing machine 105 also sends confirmation of the issuance of the security to the server 101 as a security issuance result or confirmation information. The issuance result information of the securities 107 sent from the security issuer 105 to the server 101 is accumulated in the database of the server 101.
The server 101 of the securities issuing authority may also calculate a fee based on the accumulated issue result information, and calculate a fee for the client device 103 of each user authority or each user authority.
As can be seen from the above, since the client device 103 is installed at each user institution, each user institution can more easily manage his stock purchase situation. In particular, since the client device may itself start various other types of applications, there may be a variety of applications, for example, securities purchases may be read into accounting applications.
On the other hand, according to this mode of the present embodiment, the securities issuing institution can provide various services to each user institution. For example, a total settlement after issuance may be arranged based on the securities issuance result information, and a discount service may be provided according to the number of securities issued for each user institution. Thus, the securities issuing organization can practically satisfy the securities purchasing demand of each user organization.
Also, according to this embodiment, since the fee settlement is performed for the user institution, the processing within the institution such as the payment by pad and the declaration thereof is no longer required.
The client device 103 has various functions related to the securities purchase offer, such as a comparison function for the securities purchase offer. Further, various services from the securities issuing authority may be transmitted from the server 101 of the securities issuing authority to the client device 103.
Although the client device 103 directly transmits ID information of each user institution and individual users in the user institution to the securities issuing institution in the present embodiment, the present invention is not limited to this mode.
In an alternative embodiment of the present invention, the client device 103 may also send ID information indirectly to the issuing institution by submitting bids to the local bank or financial institution that display or include the ID information to submit offers or bids for securities purchases. In this case, the japanese bank or financial institution transmits the ID information from the client device 103 to the security issuing institution.
Fig. 2 is a block diagram showing the entire structure of the security information providing system according to the second embodiment of the present invention. The securities information providing system according to the present embodiment includes a computer 21A installed at a securities company and a computer 22A owned by an investor, which are communicably interconnected via a network 23A. The number and types of devices connected to the network 23A are not limited by the example shown in fig. 2.
Fig. 3 is a block diagram showing the constitution of the computers 21A and 22A according to the present embodiment. Referring to fig. 3, each of the computers 21A and 22A has a CPU 21 for performing various control and arithmetic processes, a ROM 212 for storing various programs and data, a RAM 213 as a work area for temporarily storing data, a hard disk 214 for storing various programs and data, a display 215 for performing various displays, an input device 216 such as a keyboard and a mouse for performing various inputs, a network interface 217 for communicating with other devices on a network, and other devices, all of which are interconnected via a bus 218 so as to exchange signals.
The network 23A may be a public network such as a telephone network, a mobile communication network, an ISDN, and a packet switched network, or may be a computer network such as a LAN, a WAN, and the internet.
Next, an outline of the operation of the securities information providing system according to the present embodiment will be discussed. Fig. 4 and 5 are flowcharts of procedures of the securities information providing process of the computers 21A and 22A. The algorithms shown in the flowcharts of fig. 4 and 5 are stored as control programs in the ROM 212 or the hard disk 214 of the computers 21A and 22A, respectively, and are executed by the CPU 21.
In fig. 4, the computer 21A installed in the securities company waits for the input of securities information including the dividend text 3, the interest text 4, and the guarantee text 5 (S101: no). The operator of the securities company inputs into the computer 21A, via the input device 216, the reddish text 3, the interest text 4, and the guarantee text 5 for a specific security similar to the security shown in the first embodiment, and other security information, such as the title-related text 1 and the denomination-related text 2, and other information related to the security voucher.
When the computer 21A receives the securities information including the dividend text 3, the interest text 4 and the guarantee text 5 (S101: yes), the computer 21A records the input securities information in the hard disk 214 (S102), and transmits the securities information to the investor-owned computer 22A via the network interface 217 and the network 23A (S103). The step of transmitting the security information in step S103 may be automatically completed according to the security information input step in step S101, or may be performed upon receiving a transmission request from the computer 22A owned by the investor.
In fig. 5, when receiving securities information including dividend text 3, interest text 4, and security text 5 from the investor-owned computer 21A via the network 23A and the network interface 217 (S201), the computer 22A stores the received information in the hard disk 214 (S202), and displays the same information on the display unit 215 (S203).
In this embodiment, the investor can confirm the contents of the securities based on the presence information from his/her office or home and immediately purchase any desired securities through an online process using the computer 22A. Further, a securities company can publicize and sell securities according to the present invention simultaneously through a network by itself.
Fig. 6 is a block diagram showing the overall configuration of the securities information providing system according to a third embodiment of the present invention. Similarly to the security information providing system according to the foregoing second embodiment, the security information providing system according to the present embodiment includes a computer 21B installed in a security company and a computer 22B owned by an investor, which are interconnected via a network 23B and can perform communication, while a printer 24 is connected to the computer 22B.
The computers 21B and 22B of the present embodiment have a similar composition to the computers 21A and 22A of the second embodiment.
Fig. 7 is a block diagram showing the composition of the printer 24 according to the present embodiment. Referring to fig. 7, the printer 24 includes an operation panel 244 and a printing unit 245 in addition to a CPU 241, a ROM 242, a RAM243, a network interface 246, and a bus 247, the operation panel 244 includes a touch panel, fixed keys, a display lamp, and the like for various inputs and displays, and the printing unit 245 is used to print image data.
Fig. 8 and 9 are flowcharts showing the procedure of the securities issuing process in the computers 21B and 22B in the present embodiment. The algorithms shown in the flowcharts of fig. 8 and 9 are stored as control programs in the ROM 212 or the hard disk 214 of the computers 21B and 22B, respectively, and executed by the CPU 21.
In fig. 8, the computer 21B installed in the securities company waits for the input of securities information including the dividend text 3, the interest text 4, and the security text 5 (S301: no). As shown in the foregoing first embodiment, the operator of the stock company inputs the dividend text 3, the interest text 4, and the security text 5 for a specific stock, and other stock information into the computer 21B via the input device 216.
When the computer 21B receives securities information including dividend text 3, interest text 4, and security information of security text 5 (S301: yes), the computer 21B generates an electronic securities voucher based on the received securities information (S302). The electronic security document mentioned here is a version based on the electronic data of the security document shown in the first embodiment (fig. 1) and contains an electronic signature for a particular security for the security title 1, the text for the denomination amount 2, the reddened text 3, the interest text 4 and the vouching text 5, as well as for the security issuer (commercial operator) for ensuring the legitimacy of the security document. In addition, special copy protection is provided for such electronic securities certificates for the purpose of preventing illegal modification or copying. The computer 21B records the generated electronic securities voucher in the hard disk 214 (S303), and simultaneously transmits the electronic securities voucher to the computer 22B owned by the investor via the network interface 217 and the network 23B (S304). The process of transmitting the security information in step S304 may be automatically completed according to the security information input step in step S303, or may be performed upon receiving a transmission request from the computer 22B owned by the investor.
In fig. 9, upon receiving an electronic securities receipt including dividend text 3, interest text 4 and security text 5 from the investor' S own computer 21B via the network 23B and the network interface 217 (S401), the computer 22B stores the received electronic securities receipt in the hard disk 214 (S402) and displays the electronic securities receipt on the display unit 215 (S403).
In this embodiment, the electronic securities voucher may be circulated through the network as the original of the securities voucher, so that an investor can purchase the contents of securities based on information presented from his/her office or home, and can immediately obtain vouchers of any desired securities through an online process using the computer 22B. Furthermore, a security company can sell a security according to the present invention solely through a network and relieve the burden of sending a security certificate later.
In addition, in addition to or instead of displaying the electronic securities voucher content on a display unit, the computer 22B may print out the electronic securities voucher content through the printer 24. In other words, the computer 22B may provide an electronic document with electronic protection so that the document can be printed only once, so that a unique copy of the document can be printed and made to circulate through the market as the original. In this case, referring to fig. 9, the computer 22B waits for a print instruction of the electronic securities (S404), generates a print job of the contents of the electronic securities (S405) recorded on the hard disk 214, and transmits the print job to the printer 24 (S406). The above-mentioned printout protection applied to the electronic securities voucher does not necessarily have to be of the type that limits printing to one-time printing, but may also be of a plurality of printing types (with protection) or of a non-limiting type (i.e. without protection).
In another embodiment of the present invention, the purchase operation proceeds as follows. The customer enters the details of the desired security and inserts the payment card in the card reader. The ASD105 communicates these details to the security exchange financial institution via the ASD host 101 and retrieves the information to be printed on the hardcopy document (including the cryptographic checksum) and the type of paper used. The ASD105 then prints the voucher on the appropriate paper, scans it (as will be explained later if it is not counterfeitable) and distributes the hardcopy voucher to the customer. The selling operation is performed as follows. The customer inserts the printed hardcopy credentials in the credential scanner and enters the payment method in the card reader. The ASD105 scans the hardcopy credentials and passes the scan to the ASD host 101 to verify the validity of the cryptographic checksum and fingerprint (if available). If this information is valid, the ASD host 101 makes a payment, and then the ASD105 invalidates the hardcopy credential (e.g., prints a "VOID" on top). If the information is invalid, the transaction is cancelled.
As shown in fig. 13, the ASD105 interacts with customers at the "front end" and connects to a remote ASD host 101 at the "back end" (just as an ATM connects to a remote ATM host). The ASD105 is similar to an ATM in terms of hardware components, but with one more printer-scanner. The ASD105 has a PC (personal computer) -like computer 131 (including a CPU 133, a RAM 135, a ROM 139, and a hard disk 151) that controls the operation of the ASD. The ASD105 also has a cryptographic processor 141 for executing cryptographic software for secure communication between the ASD105 and the ASD host 101 (and for calculating a cryptographic checksum if this is done in the ASD). Cryptographic processors are specialized processors that are installed in packages with a variety of physical security measures that make the processor very tamper resistant. The ASD105 has the following input-output devices 161 for interacting with customers: a print-and-scan device 163, a card reader 165 for retrieving payment methods (e.g., credit cards), a keypad 167 for the customer to enter details of the tasks that need to be performed (e.g., whether to buy or sell hardcopy credentials, what type of hardcopy credentials to buy, a PIN code for a payment card), and a display 169 for notifying the customer of the current transaction status and prompting the customer for input.
The print-and-scan apparatus 163 has the following capabilities: it is possible to use ordinary paper and one or more types of special paper. The print-and-scan device 163 can print information provided by the computer on paper of a type specified by the computer, scan the printed voucher, and distribute the printed voucher to the customer. Print-and-scan device 163 may accept a customer-inserted printed hardcopy voucher, scan the voucher, forward the scan to a computer, and then return the hardcopy voucher to the customer or print a "VOID" on the hardcopy voucher and store it locally.
The ASD105 has a network interface device 181 (e.g., modem, wireless interface, ethernet interface) for communicating with a remote ASD host 101. The ASD105 has other devices for management and control purposes: a console (with a display and a keyboard) or an input-output port connected to the console; and a backup battery 171 that allows for continuous operation and proper shut down in the event of a failure of the main power supply. The print/scan device 163 also prints out paper records of transactions for auditing purposes.
Communications between the ASD105 and the stock exchange financial institution are secured through the use of encryption techniques. By KAIndicating use between ASD105 and financial institution for securities exchangeA secure key for communication. (K)AWill be a random number whose length depends on the encryption algorithm, e.g. 56 bits in the DES algorithm and 128 bits or higher in the AES). Will KAStored in the non-volatile memory of the cryptographic processor of the ASD and stored in the computer of the security processing financial institution and possibly at an authorized key contract agent.
When a security transaction processing financial institution sends data (e.g., X) to an ASD, it first utilizes KAEncrypt data and transmit the encrypted data, i.e. transmit E (K)AX), where E is an encryption algorithm (e.g., DES, AES). When the ASD105 receives E (K)AX), it forwards the message to its cryptographic processor, which utilizes KATo E (K)AX) to extract X (i.e., calculate D (K)A,E(KAX)), where D is a decryption function) and transmits X to the ASD105 computer. Note that the ASD105 computer never sees KATherefore, K is not compromised by security threats to the ASD105AThe safety of (2).
The same process is performed after the ASD105 transmits data to the stock exchange financial institution. ASD computer 131 utilizes password K using password processor 141AAnd encrypting the data and sending the encrypted data to the security transaction financial institution.
When E (K) is sent (by ASD105 or financial institution for stock exchange)AX), an eavesdropper on the communication link may obtain E (K)AX), but he cannot obtain X because the eavesdropper does not know KA(according to E (K) without knowing KAAX) it is computationally impossible to get X). Furthermore, if message E (K) is intercepted and modifiedAX), then when the modified message is received and decoded, the resulting data will be misinterpreted (i.e., not have the proper structure of X) and thus the recipient will discard the resulting data. By including in the message the content according to the message and the key (the key and K)AOr for protecting certificatesThe keys of the certificates are different) may be used to obtain more protection against message modification.
The software executed by the host computer 131 of the ASD105 includes an operating system and application software. An operating system (e.g., Windows 2000, Linux) implements a platform for application software execution and control of input-output devices (e.g., issuing commands to printer-scanners, TCP/IP (transmission control protocol/internet protocol) networking).
The application software includes procedures for handling the "buy" and "sell" operations of the customer. These processes prompt the customer for input and send output, interact with the remote ASD host 101 through a network connection, and ensure that the ASD105 and ASD host 101 have a constant understanding of the series of transactions that are being conducted, i.e., at the end of the transaction, either party successfully completes the transaction or both parties cancel the operation altogether.
The application software also includes secure network software (e.g., security framework, SSH) that ensures that interactions between the ASD and the remote ASD host 101 are authenticated, encrypted, and protected from intentional or accidental modification. The encryption itself may be done by the crypto processor 141. The application software may also include Optical Character Recognition (OCR) for verifying the password checksum in the software (rather than in the ASD host 101 or the stock exchange).
To ensure that the printed hardcopy credentials are not modifiable, the system uses cryptographic techniques. Specifically, the system prints a cryptographic checksum (i.e., a strongly encrypted complete checksum) on the hardcopy credential, such as "30984763982847223945732834587" in FIG. 14. In practice, the checksum may also be larger. The checksum is printed as a series of numbers or as a bar code on the hardcopy document. No special paper or high resolution printing is required to produce a non-modifiable hardcopy document. The checksum is computed by applying a cryptographic algorithm (e.g., a keyed Hash Message Authentication Code (HMAC) with a Secure Hash Algorithm (SHA)) to the information on the hard-copy certificate and a key (a large number) held in secret by the security trading financial institution. This key is called the credential key (which is not the same key that the ASB 105 uses to guarantee secure communication with the ASD105 host). Kaufman, Perlman and specner are entitled "network security: the second edition of the Public World's Private Communication in a Public World (ISBN0-13-046019-2) provides guidance for developing suitable algorithms (e.g., HMAC).
The information of the printed hardcopy document can be made non-modifiable by using an appropriate encryption algorithm, such as a keyed hash function. Let KBRepresents a credential key, i.e., a large random number held by a security trading financial institution and used to compute a checksum of a hard-copy credential. Let Y be the information to be printed on the hardcopy document in addition to the cryptographic checksum. The checksum for the hard copy credential is then passed to the key KBAnd data Y by applying a keyed hash function H (e.g. HMAC with SHA) to obtain a larger number, say H (K)B,Y)。
In printing the certificate, the securities exchange financial institution sends Y and H (K)BY), and the ASD105 prints Y and H (K) on the hardcopy voucherBY). H is such that: at unknown KBIt is impossible to obtain H (K) in a calculated mannerBY); or it is not possible to modify Y to say Z, so that H (K)BZ) is equal to H (K)BY). Thus, the information on the hard copy credential cannot be changed without invalidating the checksum. Because of Y and H (K)BY) is sent to the ASD105 in a cryptographically protected message, so that an attacker cannot modify the message during transmission (as described above). Thus, the printed hardcopy document is not modifiable.
In general, the credential key KBAnd a key K for securing secure communication between the ASB 105 and the ASD105 hostAAre not identical. The financial institution of the stock exchange can also use different K for different grades of vouchersB(in order to limit losses in case of a compromise of the credential key).
The hash function with the key is such that: (1) any modification to the information on the credential (e.g., to modify the denomination amount) would invalidate the checksum, and (2) a valid checksum for the modified credential cannot be obtained without knowledge of the key. Thus, the checksum ensures that any modifications to the hard copy credential can be easily detected. The encrypted checksum may also be calculated using an encryption function, such as Data Encryption Standard (DES), Advanced Encryption Standard (AES), and the like. Typically, the data to be protected is encrypted using a credential key and the last cipher block (clpherlock), also known as the remainder, is used as a checksum.
The calculation of the checksum may be done at the security exchange financial institution and the result then sent to the ASD105 for printing on the hardcopy document. Alternatively, this calculation can be done in the cryptographic processor of the ASD (in which case the cryptographic processor should have a copy of the credential key).
When effecting non-counterfeitability of a printed hardcopy document involves scanning the printed hardcopy document, the analysis is the same as for the non-modifiable analysis, except that the fingerprint characterizes not only the information on the hardcopy document, but rather a printed image of the hardcopy document (including a random pattern embedded in the paper).
To ensure that the printed hardcopy document is not counterfeitable, the system requires special paper. The use of special paper requires the preparation (storing) of special paper. There are many types of specialty papers, including papers with security fibers (colored, metallic, or fluorescent), papers with embedded holograms, and papers with microprint. More specialized paper may be used for higher denomination documents.
To increase the difficulty of counterfeiting the document, a random pattern is printed/embedded in the paper and recorded at the time the document is issued. For example, special paper is randomly embedded with colored fibers as shown in fig. 15. To print a hard copy document that cannot be counterfeited, the ASD105 uses one such special sheet of paper, records the digital scan of the hard copy document, and forwards the scan to the security exchange financial institution for storage. Printing a copy of the security is detectable because even if the counterfeiter obtains a special paper of the same kind, it is extremely unlikely that the special paper used for counterfeiting has the same random embedding of the colored fibers.
An example of the "purchase" operation according to the present invention is explained below. The customer walks up to an ASD and enters information specifying the credentials to purchase (bond X with value Y), the payment method (e.g., debit card and PIN number (personal identification number)), and the identity of the customer (e.g., name and address). The ASD105 contacts the stock exchange financial institution, provides payment information, and receives details of the document to be printed (including an encrypted checksum, whether to print on special paper, and if to print on special paper, whether to scan). The ASD105 then prints out the hardcopy voucher, distributes the hardcopy voucher to the customer, and notifies the transaction financial institution that the transaction has been completed. ASD105 obtains the scan results of the printed hardcopy voucher for printing prior to distribution to the customer and sends the scan results to the stock exchange financial institution (via ASD105 host) for long term storage prior to ending the transaction.
Fig. 16 provides details of the "purchase" process performed by computer 131. Operations involving input or output with a guest or with an ASD host are as follows. Typically, the input operation also involves some output. For example, in step 1, ASD105 displays a welcome message to initiate a purchase transaction with the customer. In step 2, the user enters his background information, such as name, address, social security number, etc. In step 3, the user enters details of the desired voucher, such as the issuing company, the amount of the denomination, the validity period of the voucher, etc. In step 4, a prompt is displayed to the customer on the display requesting entry of the card to obtain details of the payment method, such as bank account number, PIN, etc., prior to entering the password card. If payment is to be made with a debit card, the ASD105 initiates a transaction with the ASD host 101 by sending a network output to the ASD host 101 that participates in the handshake between the ASD105 and ASD105 hosts (step 5), and then sends the details of the desired credentials to the ASD host 101 (step 6). After that, the ASD105 receives a reply from the ASD host 101 via the network (step 7). If the ASD host's reply indicates that the credentials are not available in the database, ASD105 notifies the client by displaying the result (step 8). If the ASD host's reply indicates that the credential is available in the database, then the ASD105 sends payment information to the ASD host 101 and receives a reply from the ASD host 101 indicating what needs to be printed (including a password checksum), the type of paper to be used, and whether or not to scan. After that, the ASD105 prints the voucher on an appropriate sheet of paper by the print scanner 163, scans the voucher if necessary by the ASD host 101, and sends the scanned image to the ASD host 101 accordingly. The ASD105 distributes the printed hardcopy voucher to the customer (step 9). The ASD105 prints the transaction status on the local printer for record keeping purposes (step 10), ends the transaction with the ASD host 101 (step 11), and ends the transaction with the customer by displaying a "transaction ended" message.
Step 1: "start transaction with ASD105 host" and step 12: "ending a transaction with the ASD105 host" defines a transaction to be performed "automatically" with the ASD105 host, i.e., if the transaction is not successfully completed (say, the communication link fails), then the state at the beginning of the transaction is restored at the ASD105 and ASD105 hosts.
An example of a "sell" process according to the invention is described below. Before the customer walks up to an ASD, the customer inserts the printed hardcopy voucher to be sold to the ASD's print/scanner device 163 and enters payment information (i.e., the account number to be paid for). The ASD105 scans the credentials and forwards the scan and payment information to the security exchange financial institution. The transaction financial institution verifies the cryptographic checksum and the scan result (if applicable). If the verification is successful, the transaction financial institution completes the payment and notifies the ASD, which then invalidates or destroys the collected printed hardcopy credentials and notifies the customer that the sale process has ended. If the authentication is not successful, the printed hardcopy credentials are returned to the customer (or saved in the ASD) and an explanation is provided to the customer.
Fig. 17 provides more details of the vending process performed by the computer 131 of the ASD 105. As described above, the verification is performed by the ASD105 and the result is forwarded to the transaction financial institution. ASD105 displays a welcome message to initiate a sale transaction with the customer (step 1) and pops up a message asking the customer to insert the printed hardcopy document into the scanner (step 2). ASD105 scans the inserted hard copy credentials using print-and-scan device 163 (step 3) and obtains the original payment details (bank account number, PIN, etc.) via card reader 165 or keypad 167 (step 4). The ASD105 then initiates a transaction with the ASD host 101 (step 5), sends the scanned credentials and collected payment details to the ASD host 101 over the network (step 6), and then receives a reply from the ASD host 101 over the network (step 7). If the ASD host's reply indicates that the hardcopy voucher is valid and payment has been completed by the customer, then ASD105 notifies the customer that the sale was accepted at the market price, prints the VOID on the hardcopy voucher, and stores the voided hardcopy voucher locally (step 8). Instead, the ASD105 invalidates the inserted hardcopy credentials by destroying (e.g., shredding) the hardcopy credentials. If the ASD host's reply indicates that the hardcopy credential is invalid, then ASD105 notifies the client of the result by displaying a message that the credential is invalid and returns the hardcopy credential to the client (step 9). Thus, the ASD105 prints the transaction status on the local printer for record keeping purposes, ends the transaction with the ASD host 101, and ends the transaction with the customer by displaying a "transaction ended" message.
In another embodiment of the invention, to accommodate the situation where the purchaser sells a physical copy of the voucher to another person without notifying the system, the system ASD105 accepts the voucher if the ASD host's reply indicates that the hardcopy voucher is valid, but that the voucher has been purchased by another person other than the customer. In this way, the circulation of physical documents is improved.
A validation operation is provided to a customer to verify the validity of printed hardcopy credentials (e.g., hardcopy credentials obtained by a third party). Such a validation operation is a modification of the sale operation, rather than voiding the printed hardcopy voucher and transferring the funds to the customer's account, the hardcopy is simply returned to the customer after the validation operation.
An online conversion operation is a situation where a customer wishes to convert a printed hardcopy credential into an online credential for storage in an online account of a stock exchange financial institution. This is another modification of the selling operation, and instead of transferring funds to the customer's account, an online version of the credentials is transferred to the customer's account. In addition, the online conversion operation enables the credential holder to sell securities at a limit or stop-and-lose order instead of the market price shown in FIG. 17, at the time of conversion or at a later time when conditions mature. A limit order is an order to buy or sell a specified number of stocks at a specified or better price. A stop-loss ticket is an order designed to trigger a trade when a stock rises or falls to a particular point. The price of the purchase stop-loss ticket is set higher than the current ASK (quote) price, and the sale stop-loss ticket is set lower than the current BID price.
In general, the credential key KBAnd a key K for securing secure communication between the ASB 105 and the ASD105 hostAAre not identical. The financial institution of the stock exchange can also use different K for different grades of vouchersB(in order to limit losses in case of a compromise of the credential key).
The ASD105 enables customers to (1) purchase printed security documents and (2) insert printed security documents for sale or conversion into online documents. The new features of the ASD105 are (1) the use of encrypted checksums to make the printed voucher non-modifiable, and (2) the use of special paper and its scanning to make the printed voucher non-forgeable.
Investors can purchase new financial products of the invention that are neither stocks nor bonds and seek profits in new financial markets that did not exist before, while business operators can use these securities that are neither stocks nor bonds to obtain funds. The financial instrument according to the invention will develop potential private funds in the folk, investing them into the public. Thus, even in the event of financial stress, the present invention will help the national and local governments of countries around the world to improve infrastructure such as roads and healthcare facilities.
The issuing system of the present invention can be applied to issue checks, commercial tickets, passports, driver's licenses, identification cards, smart cards, credit cards, and the like, on which an encrypted checksum is printed. Although checks, banknotes, commercial instruments, passports, driver's licenses, identification cards, smart cards, credit cards do not have all the rights to trade as freely as the securities or fixed interest rate financing tools of the present invention, an issuing office or other institution (e.g., a bank) may use an encrypted checksum to verify the authenticity of an issued hard-copy document for renewal. For example, in addition to trading securities with the fixed interest rate financing instrument of the present invention, a bank may accept requests to issue and update a cash holder's check (e.g., with a new expiration date) through the issuing machine of the present invention. As another example, a motor vehicle authority may accept requests by citizens to issue and update drivers' licenses through the issuing machine of the present invention.
The encrypted checksum of the present invention may be applied to a transcript, etc. Although these credentials do not have ownership issues, the issuing authority may need to verify the credentials later. The school can place an encrypted checksum on the transcript and then check the facsimile copy to see if any modifications have been made to the information printed thereon.
The present invention can be applied in conjunction with existing technologies, such as those previously described for generating non-counterfeitable hardcopy credentials. For example, micro-printing technology is applied to print micro-text (micro-text) on a small space such as a stamp or a credit card. Other examples include specifying a special sheet of paper, or specifying a hologram or watermark pattern to be printed on the sheet of paper, or specifying a high resolution printing technique to print a hardcopy document thereon.
The present invention provides a method for forming a new market by providing a server and a plurality of distribution machines connected to the server via a network.
The principles, preferred embodiments and modes of operation of the present invention have been described in the foregoing specification. However, the invention which is intended to be protected is not limited to the particular embodiments disclosed. The embodiments described herein are exemplary, and not limiting. Modifications and variations may be made by others, and equivalents may be employed, without departing from the spirit of the present invention. It is therefore evident that the invention is intended to cover all modifications, adaptations, and equivalents that fall within the spirit and scope of the invention as defined by the claims.

Claims (15)

1. An issuing machine for transacting hard copy documents, comprising:
receiving means for receiving an ID recording medium provided by a potential purchaser;
information retrieval means for retrieving the identification recorded in the received ID recording medium;
input means for inputting a request by said potential buyer to trade a security or fixed interest rate financing tool;
transaction processing means for processing the requested transaction by retrieving information from the server via the network;
printing means for printing out the hardcopy voucher and the cryptographic checksum thereon purchased by the potential purchaser;
scanning means for scanning a hardcopy credential inserted by a holder; and
determining means for determining whether said hardcopy credential was issued by an issuer connected to said issuer based on at least one cryptographic checksum;
wherein said printing means further prints a random pattern on said hardcopy voucher, said scanning means scanning said hardcopy voucher with said random pattern prior to providing said hardcopy voucher to said purchaser.
2. The issuing machine of claim 1, wherein the scanning means scans a hardcopy document inserted by a holder and if the hardcopy document does not contain the random pattern, the determining means determines the hardcopy document as not issued by an issuing machine connected to the issuing machine.
3. The issuing machine according to claim 1, wherein if the determining means determines that the hard copy voucher is issued by an issuing machine connected to the issuing machine, the transaction processing means purchases the hard copy voucher at a market price or converts the hard copy voucher into an electronic voucher for the holder.
4. The issuing machine of claim 3, wherein the electronic credential is sent to any email account of an individual or to a mechanism indicated by the holder.
5. The issuing machine of claim 4, wherein the mechanism is a security escrow or a security broker.
6. The issuing machine of claim 5, wherein the holder sets a limit order or stop-loss order to sell the electronic voucher through the security broker.
7. The issuing machine of claim 1, wherein if the determining means determines that the hardcopy credential was not issued by an issuing machine connected to the issuing machine, the transaction processing means returns the hardcopy credential to the holder or stores the hardcopy credential in the issuing machine in which the determining means is located and provides an explanation to a customer.
8. The issuing machine of claim 1, wherein the printing device further comprises printing out the hard copy document with a watermark or hologram.
9. The issuing machine according to claim 1, wherein the printing device prints the hardcopy document on heavy paper, colored paper, legal fiber paper, or paper with embedded metal or ultraviolet light sensitive threads.
10. The issuing machine of claim 1, wherein the printing device prints the cryptographic checksum on the hardcopy document with a microprint font.
11. The issuer of claim 1, wherein the cryptographic checksum is generated using a cryptographic algorithm and information other than the cryptographic checksum to be printed on the hardcopy document.
12. The issuer of claim 11, wherein the cryptographic algorithm is a keyed hash function H.
13. The issuing machine of claim 12, wherein KBRepresenting by said serverHolding a voucher key, Y representing information other than said cryptographic checksum to be printed on said hardcopy voucher by applying a key KBSubstituting the sum information Y into the keyed hash function H, i.e. H (K)BY) to obtain the cryptographic checksum.
14. The issuing machine of claim 13, wherein the transaction processing device uses a different credential key KBTo communicate with the server.
15. The issuer of claim 13, wherein the server uses different credential keys K for different kinds of hard copy credentialsB
HK07106281.8A 2005-06-10 2007-06-12 Issuing machine HK1101625B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/149,556 US7401043B2 (en) 2001-09-03 2005-06-10 Method and system for issuing securities and fixed rate financing instruments, method for establishing a market with the system
US11/149,556 2005-06-10

Publications (2)

Publication Number Publication Date
HK1101625A1 HK1101625A1 (en) 2007-10-18
HK1101625B true HK1101625B (en) 2013-06-07

Family

ID=

Similar Documents

Publication Publication Date Title
US8296212B2 (en) Issuing machine and issuing system
JP5485320B2 (en) Issuing machine and issuing system
US7742996B1 (en) Computer program, system and method for on-line issuing and verifying a representation of economic value interchangeable for money having identification data and password protection over a computer network
US8103580B2 (en) Issuing machine and issuing system for public-offering a financing instrument on-line
US6236972B1 (en) Method and apparatus for facilitating transactions on a commercial network system
US5850442A (en) Secure world wide electronic commerce over an open network
JPH09245108A (en) Electronic money system
CA2638249C (en) A system and method for making funds available for gaming
JP2007066293A5 (en)
CA2266976A1 (en) Improvements relating to electronic transactions
US8275691B2 (en) Issuing machine and issuing system
Weber Chablis-Market analysis of Digital payment systems
KR20000067276A (en) Electronic Commerce System Based On Cyber Ticket
WO2017105297A2 (en) System and apparatus for security documents and bank cheque transaction system and methods
US20130046698A1 (en) System and method of creating and authenticating a secure financial instrument
HK1101625B (en) Issuing machine
US20060186191A1 (en) Methods and apparatus for providing a security value for a payment device
KR20160073368A (en) Electronic accounting server and system to issue revenue stamp having the same
Bollen The regulation of internet banking
KR20180098212A (en) Electronic accounting server and system to issue revenue stamp having the same